With the rapid development of computer and network communication technology, more and more enterprise network applications are deployed on open network platforms, and network and information security has become the focus of network technology. For the technical system of network security, the International Organization for Standardization (ISO) has defined a five-level model of security services: authentication service, access control service, data confidentiality service, data integrity service and non-repudiation service. However, research on these services has been carried out independently, and the related security solutions each address only one level. That cannot satisfy the growing requirements of enterprise information security management.

Based on an analysis of the existing models, this thesis proposes a more secure model, named the capability-role based access control model. Combined with data encryption technology, this thesis designs and implements a capability-role based security access control system. Specifically:

Firstly, this thesis gives the formal definition of the model and analyzes it with examples. By introducing the concept of "capability" and binding it to the identification of its associated permissions and roles, the model restricts the administrator's authorization operations and resolves, at the model level, the potential risk of unlimited authorization operations.

Secondly, based on research into remote access protocols and cryptography, this thesis gives a secure communication architecture for the security access control system. This makes the system not only an access control service but also a data protection service, so that it can meet the higher current corporate requirements for information security management.

Finally, combining existing implementation techniques, the capability-role based access control model and the secure communication architecture, this thesis gives a detailed description of the design and implementation of the main modules of the security access control system.
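As an added illustration (not code from the thesis) of the abstract's central idea, that an administrator's grant operation is itself checked against a capability rather than being unlimited, the following Python sketch uses made-up roles, permissions and capabilities; the data structures are assumptions, not the thesis's formal definition:

```python
from dataclasses import dataclass, field

# Constructed illustration: roles hold permissions, users hold roles, and an
# administrator may grant a permission to a role only if one of the
# administrator's capabilities explicitly covers that (permission, role) pair.
# All names below are made up for the example.

class AuthorizationError(Exception):
    pass

@dataclass(frozen=True)
class Capability:
    """Bounds an administrator's grant operations to named permissions and roles."""
    permissions: frozenset
    roles: frozenset

    def covers(self, permission: str, role: str) -> bool:
        return permission in self.permissions and role in self.roles

@dataclass
class AccessControlSystem:
    role_permissions: dict = field(default_factory=dict)    # role  -> set of permissions
    user_roles: dict = field(default_factory=dict)          # user  -> set of roles
    admin_capabilities: dict = field(default_factory=dict)  # admin -> set of Capability

    def grant(self, admin: str, permission: str, role: str) -> None:
        """Administrative authorization operation, itself subject to a capability check."""
        caps = self.admin_capabilities.get(admin, set())
        if not any(c.covers(permission, role) for c in caps):
            raise AuthorizationError(f"{admin} may not grant {permission} to {role}")
        self.role_permissions.setdefault(role, set()).add(permission)

    def check_access(self, user: str, permission: str) -> bool:
        """Ordinary access decision: user -> roles -> permissions."""
        return any(permission in self.role_permissions.get(r, set())
                   for r in self.user_roles.get(user, set()))

def demo():
    """Returns (alice can read payroll, bob can read payroll, admin escalated beyond capability)."""
    acs = AccessControlSystem()
    acs.user_roles = {"alice": {"clerk"}, "bob": {"auditor"}}
    acs.admin_capabilities = {
        "hr_admin": {Capability(frozenset({"read_payroll"}), frozenset({"clerk", "auditor"}))}
    }
    acs.grant("hr_admin", "read_payroll", "clerk")          # inside the capability: allowed
    try:
        acs.grant("hr_admin", "delete_payroll", "clerk")    # outside the capability: refused
        escalated = True
    except AuthorizationError:
        escalated = False
    return acs.check_access("alice", "read_payroll"), acs.check_access("bob", "read_payroll"), escalated
```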